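2014-05-26: Details reported to the vendor, awaiting vendor handling
2014-05-26: Vendor has confirmed; details disclosed only to the vendor
2014-06-05: Details disclosed to core white hats and experts in related fields
2014-06-15: Details disclosed to regular white hats
2014-06-25: Details disclosed to intern white hats
2014-07-10: Details disclosed to the public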
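:-) Clever me
1. For the method, see: WooYun: A LeTV system's backend can be brute-forced to reach internal systems (an enumeration trick)
It looks like you only changed the weak-password accounts named in that report and fixed nothing else. And as I said last time, my dictionary hadn't even finished running.. Treating the symptom rather than the root cause, what good does that do..?
2. oa.letv.com, collecting office system users: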
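3. Automated fuzz results:
liangjun:abc123456
hujia:abc123456
4. What if I told you.. my dictionary actually still hasn't finished running this time either.. OK, no more messing around, I'm just earning a bit of rank. I won't bring up the OA here next time..
OP, I got in; OP, I got back out again..
WooYun: A LeTV system's backend can be brute-forced to reach internal systems (an enumeration trick). See the previously submitted vulnerability; besides weak passwords, it is equally important that usernames must not be enumerable.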
Severity: High
Vulnerability Rank: 12
Confirmed: 2014-05-26 09:22
Thanks, fixes take time, we're working on it as fast as we can~~~~
None yet
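
The fix advice in the report (weak passwords aside, usernames must not be enumerable), sketched as an added example that is not part of the original report or the vendor's code: a login check that answers unknown users and wrong passwords identically and throttles failures per source across all usernames. The class, method names, thresholds and status codes are assumptions for illustration.

```python
import hashlib, hmac, os, time
from collections import defaultdict, deque

GENERIC_ERROR = "Invalid username or password"
ITERATIONS = 10_000  # kept low so the demo runs fast; use a much higher cost in production

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class LoginService:
    """Hypothetical login back end (assumption, not the vendor's code)."""

    def __init__(self, max_failures=5, window=300):
        self.users = {}                      # name -> (salt, hash)
        self.failures = defaultdict(deque)   # source -> failure timestamps
        self.max_failures, self.window = max_failures, window
        # Dummy record so unknown usernames cost the same hashing work.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _hash("placeholder", self._dummy_salt)

    def add_user(self, name, password):
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt))

    def _throttled(self, source, now):
        recent = self.failures[source]
        while recent and now - recent[0] > self.window:
            recent.popleft()                 # forget failures outside the window
        return len(recent) >= self.max_failures

    def login(self, source, name, password, now=None):
        now = time.time() if now is None else now
        # Counted per source across ALL usernames, so one password tried
        # against many accounts trips it (per-account lockout would not).
        if self._throttled(source, now):
            return (429, "Too many attempts")
        salt, stored = self.users.get(name, (self._dummy_salt, self._dummy_hash))
        matches = hmac.compare_digest(_hash(password, salt), stored)
        if matches and name in self.users:
            return (200, "OK")
        self.failures[source].append(now)
        # Same status and message whether the user exists or not.
        return (401, GENERIC_ERROR)
```

Password-reset and registration endpoints need the same uniform answers, otherwise they leak the account list that the login form no longer does.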